As details about the most recent T-Mobile hack continue to be uncovered, the company was hit with a pair of class action lawsuits late last week, alleging that the company violated the California Consumer Privacy Act (CCPA). In a pair of complaints filed in the US District Court for the Western District of Washington, plaintiffs are alleging that T-Mobile was negligent in its failure to adequately protect consumer data from the recent cybersecurity breach. Attorneys for the represented class wrote T-Mobile violated the CCPA by failing to protect consumers’ nonencrypted personally identifiable information “as a result of Defendant’s violations of its duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information.”
While T-Mobile has not publically responded to the lawsuits, the company did acknowledge on Friday that the company’s ongoing investigation identified an additional 5.3 million customers whose data was accessed during the hack. That raises the reported total of affected customers (former, current, and prospective customers) to 53 million.
The cases are Daruwalla v. T-Mobile USA Inc., W.D. Wash., No. 2:21-cv-1118, complaint 8/19/21 and Espanoza v. T-Mobile USA Inc., W.D. Wash., No. 2:21-cv-1119, complaint 8/19/21.
Nixon Peabody’s Cybersecurity and Privacy Team will continue to monitor developments of these lawsuits as well as T-Mobile’s ongoing investigation into the security breach.